Jetpack 11.4 - Cross Site Scripting (XSS)

vendor:

Jetpack

by:

Behrouz Mansoori

8.8

CVSS

HIGH

Cross Site Scripting (XSS)

CWE

Product Name: Jetpack

Affected Version From: 11.4

Affected Version To: 11.4

Patch Exists: YES

Related CWE:

CPE: wordpress.org/plugins/jetpack

Metasploit:

Other Scripts:

Platforms Tested: Mac m1

2022

Jetpack 11.4 – Cross Site Scripting (XSS)

This plugin creates a Jetpack from any post types. The slider import search feature and tab parameter via plugin settings are vulnerable to reflected cross-site scripting.

Mitigation:

Upgrade to version 11.5 or later.

Source

Jetpack 11.4 – Cross Site Scripting (XSS)

Mitigation:

Exploit-DB raw data: